<?php
/* Проверка логина/пароля
 * Данные в таблице ACL:
 *      USERNAME -- имя пользователя
 *      PASSWORD -- md5 пароля
 *      ACCES_LEVEL -- уровень доступа [0-3]
 */
session_start();

require_once '../connect.php';
$mysql = connect();
$query = "SET NAMES 'utf8'";
$mysql->query($query);

$username = $_POST["username"];
$password = $_POST["password"];

$query = "SELECT `ACCESS_LEVEL`, `ID`
            FROM `Users` WHERE
                `USERNAME`='$username' AND
                `PASSWORD` = MD5('$password')";

$result = $mysql->query($query);

if ($result->num_rows){
    $row = $result->fetch_array(MYSQLI_ASSOC);
    $accessLevel = $row["ACCESS_LEVEL"];
	if ($accessLevel >= 0 && $accessLevel <= 1) {	
	    echo $accessLevel;
	    $_SESSION['AUTH'] = $accessLevel;
		$_SESSION['ID'] = $row["ID"];
	} else echo -1;
} else echo -1;

?>